Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1987
Views
10
Helpful
2
Replies

Cisco FMC Mangement interface IP configuration

Go to solution
varrao
Level 10
Level 10

‎09-27-2021 05:41 AM

Hi All,

 

We have a cisco FMC 4500, it has multiple management interfaces that we can use. Due to some restraints on mgmt zone, we need to ensure the device management traffic is done through a separate interface (lets say eth1) and the FMC uses another interface (lets say eth2) for going out to the internet (for license updates, software downloads, URL list updates, and other communication with Cisco cloud.

 

Is it a supported architecture? If yes, any considerations we need to ensure?

 

Regards

Thanks,
Varun Rao
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-27-2021 06:03 AM

@varrao 

Not tried it myself, but you can define additional management interfaces on the FMC.

 

Refer to the section "Management Interfaces on the FMC" here:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#ID-2242-0000010c

 

"The FMC uses the eth0 interface for initial setup, HTTP access for administrators, management of devices, as well as other management functions such as licensing and updates. 

 

You can also configure additional management interfaces on the same network, or on different networks. When the FMC manages large numbers of devices, adding more management interfaces can improve throughput and performance. You can also use these interfaces for all other management functions. You might want to use each management interface for particular functions; for example, you might want to use one interface for HTTP administrator access and another for device management."

 

 

 

 

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-27-2021 06:07 AM

You must use eth0 for the Internet--based communications (licensing etc. as you noted).

You may use other interfaces (eth1, 2 3) for device management if you configure the appropriate routes on your FMC.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/system_configuration.html#ID-2242-0000010c

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎09-27-2021 06:03 AM

@varrao 

Not tried it myself, but you can define additional management interfaces on the FMC.

 

Refer to the section "Management Interfaces on the FMC" here:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#ID-2242-0000010c

 

"The FMC uses the eth0 interface for initial setup, HTTP access for administrators, management of devices, as well as other management functions such as licensing and updates. 

 

You can also configure additional management interfaces on the same network, or on different networks. When the FMC manages large numbers of devices, adding more management interfaces can improve throughput and performance. You can also use these interfaces for all other management functions. You might want to use each management interface for particular functions; for example, you might want to use one interface for HTTP administrator access and another for device management."

 

 

 

 

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-27-2021 06:07 AM

You must use eth0 for the Internet--based communications (licensing etc. as you noted).

You may use other interfaces (eth1, 2 3) for device management if you configure the appropriate routes on your FMC.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/system_configuration.html#ID-2242-0000010c

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card